Vulnerabilities detected in kyverno 1.11.3

[mcolmant]

Kyverno Version

1.11.1

Description

Hello,

We are using kyverno version 1.11.3 and several vulnerabilities have been reported.

• GHSA-9763-4f94-gfch (circl): high, merged into main, but targeted to be applied on v1.10.x, could it be picked also for v1.11.x?, https://github.com/kyverno/kyverno/pull/9360
• GHSA-2c7c-3mj9-8fqh (go-jose): medium, merged into main, https://github.com/kyverno/kyverno/pull/8977
• CVE-2023-48795 (crypto): medium, merged into main, https://github.com/kyverno/kyverno/pull/9362

Thanks for your help and your hard work on kyverno.

Slack discussion

No response

Troubleshooting

• [X] I have read and followed the documentation AND the troubleshooting guide.
• [X] I have searched other issues in this repository and mine is not recorded.

[welcome[bot]]

Thanks for opening your first issue here! Be sure to follow the issue template!

[LMantovan]

Hello, in addiction many vulnerabilities are detected in kubectl images used by webhooks.

Is it possible to update kubectl images since there are new versions?

[realshuting]

Hi @mcolmant - opened https://github.com/kyverno/kyverno/pull/9411 go bump the mentioned three libs.

@LMantovan - what version are you using? We bumped the kubectl image via https://github.com/kyverno/kyverno/pull/9408 in 1.12.0.

[LMantovan]

@realshuting I'm using helm chart 3.1.3 which has 1.11.3 version.

[mcolmant]

@realshuting thanks for your help. When do you plan to release the v1.11.4? Thank you,

[realshuting]

@realshuting thanks for your help. When do you plan to release the v1.11.4? Thank you,

As discussed in the community meeting, we will cut 1.11.4 with these vulnerability fixes. It should be out today.